how to securely send topic notifications based on app user action - ios

I have a groups system which allows users to join groups. I need to send notifications to other users when new members join/leave the group.
I don't have any server-side code; I depend only on Firebase. After reading the Firebase docs about Firebase Cloud Messaging, I found it's possible to send a notification message to a specific topic by sending a single HTTP request, but that request must include an authentication key, like this:
https://fcm.googleapis.com/fcm/send
Content-Type:application/json
Authorization:key=AIzaSyZ-1u...0GBYzPu7Udno5aA
{
  "to" : "/topics/foo-bar",
  "priority" : "high",
  "notification" : {
    "body" : "This is a Firebase Cloud Messaging Topic Message!",
    "title" : "FCM Message"
  }
}
So I am asking: is it secure to place the authentication key in iOS app code? Is there any better way to implement device-to-device notifications without exposing the authentication key?

Related

Authorization denied for bot when attempting to create conversation via API

I'm trying to develop a bot to be used exclusively for proactive messaging (since unfortunately, it appears Connectors do not support direct messaging). I stood up a web service, and was able to receive the payload from Teams when I sent a message to the bot.
I'm now trying to send a proactive message from the bot back to my user, as described here. Per the instructions, I am POSTing the following payload to <serviceUrl>/v3/conversations. (Values in brackets are interpolated from the payload I received from Teams)
{
  "bot": {
    "id": <recipient.id>,
    "name": <recipient.name>
  },
  "isGroup": false,
  "members": [
    {
      "id": <from.id>,
      "name": <from.name>
    }
  ],
  "tenantId": <channelData.tenant.id>,
  "topicName": "News Alert"
}
I also included a Bearer token that I got by calling https://login.microsoftonline.com/<channelData.tenant.id>/oauth2/v2.0/token. Yet, whenever I try to create the conversation, it fails with an error that "Authorization has been denied for this request." As far as I can tell, the token should be valid, so I'm not sure what else could be going on here. I saw something about trusting the service URL, but I'm not sure how I would do that since I'm not using the Bot SDK. Perhaps I'm going about this wrong and should be trying to create an Activity rather than a Conversation?
There are basically two steps in sending pro-active messages. The first step is just a once-off - it's getting the unique ID of the conversation between the bot and the user. It's the paragraph you're linking to in your original question, and it's the payload sample you're showing. Once you've got that conversation id, you'd then proceed to sending messages at any time in the future (that's this paragraph).
However, in Teams, the first part is handled differently. Rather than calling the bot framework conversation endpoint (recall that bot framework is used for other things aside from Teams bots), you wait for the user to install the app, which includes your bot. When this is done, your bot will receive a conversationUpdate event. When this fires, you'll be sent a payload which includes the conversationId of the newly-created conversation. This replaces the call you're currently making.
You need to save the conversationId, and the serviceUrl (which will be similar to 'https://smba.trafficmanager.net/apis', but unique for Teams, and will be the 'base' of the URL you'll call later).
Importantly, it is possible to "pre-install" an app for a user, using the Graph API. See Install app for user.
That should help with what you're missing. However, as an 'fyi', you can use libraries for this instead of making the call directly yourself. In dotnet, for instance, you can reference Microsoft.Bot.Connector.ConnectorClient (in Microsoft.Bot.Connector), which has a Conversations.SendToConversationAsync(..) method.
I think I've figured out the problem. I sent my token request to https://login.microsoftonline.com/<channelData.tenant.id>/oauth2/v2.0/token, which was successful and gave me a token back. However, the instructions outlined here say not to use <channelData.tenant.id>, but instead just the hardcoded string botframework.com. After requesting the token that way, my requests appear to be working.

Bot Framework Twilio With Multiple Numbers

I have a bot that I've built that's running on the Azure Bot Service with a Twilio Channel. I'm sending Proactive activities via my Twilio channel. Everything is working fine. I just got a request that a customer wants to have their own phone number. I would like to just have 1 bot service running but have multiple Twilio phone numbers go into this.
My thought was that I could setup an API service which would then be the incoming message call back / webhook from Twilio which then would use the Directline API to the Bot Framework. It would essentially just replace the https://sms.botframework.com/api/sms service. The problem is that I'm not sure I could still have the proactive messages working - it seems like the Directline 3.0 API works only when a conversation is started first with it.
Does anyone have any thoughts on this if this would work or have any other ideas?
Thanks
Yes, the approach which you mentioned above would be ideal. Each Web App Bot/Bot Channels Registration can only be associated with one Twilio number. I will elaborate on the steps which you mentioned above:
Create a server running the Twilio SMS API code which forwards the messages to the bot via the DirectLine API. The user sends a message to this server.
For every activity sent to the bot, make sure to include the number: Activity.ChannelData = new { fromNumber: <123-456-7890> }. The Server forwards the message to the bot.
You will need to re-attach the fromNumber to the bot's outgoing activity so that your Twilio API server knows where to send the outgoing message to. The Bot sends the reply to the server.
The Twilio API server sends Activity.Text to the user. The Server forwards message from bot to user.
For the proactive messages part, you can add a conversation property to the address param, and set the id to the user's phone number.
Example:
bot.beginDialog(
  {
    user: { id: '+1234567890' },
    bot: { id: '+9876543210' },
    conversation: { id: '+1234567890' },
    channelId: 'sms',
    serviceUrl: 'https://sms.botframework.com'
  },
);
Hope this helps.

Slack API Opening a New DM (Scopes and Permissions)

I am attempting to open a DM (Direct Message) with an arbitrary user using the im.open Slack API call. I am sending it a user's user_id that I obtain through their clicking of a consent button in order to begin a series of questions. I am sending data to the Slack API successfully along with receiving data. I am getting the following response...
{
"ok": false,
"error": "missing_scope",
"needed": "im:write",
"provided": "identify,incoming-webhook,chat:write:user,files:write:user",
}
I have gone into the application's page and changed the scope of the app (I am not the owner, but have been given collaborator permissions by my team lead (the owner)). These are the current permissions...
I apologize for the poor quality of the image. The scopes are as follows...
identify
incoming-webhook
chat:write:user
files:write:user
im:write
After this change, I am still getting the same response from the Slack API. The following is what I am sending them (it's my user_id, and I don't mind).
{
"user": "U94155Z43"
}
Any help is appreciated. Thanks.
I needed to use the bot token "xoxb" instead of the user token "xoxp", which I had used for all other Slack API calls.

How can I add a user to organization in ASANA via API?

I'd like to add a new user to Asana programmatically. I already have the OAuth app and the user token.
Looking at the API, I can't find a way to "create a new user".
Is it possible to create a new user simply via the API?
Otherwise, is it possible to "invite" a new user via a given email? Like from the UI, where you can put the email and the system sends an invitation link!
I tried with:
https://app.asana.com/api/1.0/workspaces/[WORKSPACEID]/addUser?user=[NEW USER EMAIL]
But I get a BAD REQUEST in response:
{
  "errors": [
    {
      "message": "Could not parse request data, invalid JSON",
      "help": "For more information on API status codes and how to handle them, read the docs on errors: https://asana.com/developers/documentation/getting-started/errors"
    }
  ]
}
Thank you very much
I've never tried to do that specifically, but recently I did attempt to add members to a project through the API. There was nothing in the documentation about it, and I was told that it wasn't a supported API operation.
I would guess that if there's no mention of this feature in the documentation that it's also not supported for a similar reason.

Subscribe to changes in my calendar, How office 365 return notification callback?

I am integrating Outlook Office 365 in my web app. I want my app to remain in sync with Office 365 if there is any create/update event in the calendar.
Currently I have created a one-way sync process, like create, update, delete, and get all events from the calendar. The problems are:
How to make two-way syncing with Office 365 for our app?
How to create a notification subscription?
How to authenticate the Notification-URL for the subscription?
When we subscribe for the notification callback, the returned message throws an exception with this Notification URL:
https://webapp.com/notifications?validationtoken=MmJiM2QwMjYtNjAxYi verification failed.
The question is how we will verify the Notification-URL?
I have created the app on Windows Azure, and when I subscribe it returns the same error message.
How do I fix this?
The following is the code for the subscription:
URL: https://outlook.office365.com/api/v2.0/me/subscriptions
json_object = {
  "@odata.type":"#Microsoft.OutlookServices.PushSubscription",
  "Resource":"https://outlook.office365.com/api/v2.0/Me/Events",
  "NotificationURL":"https://webapp.com/notifications",
  "ChangeType":"Created, Updated, Deleted",
  "ClientState":"36228645-58b5-4d73-98a6-1b9ac535680c"
}
https://dev.outlook.com/RestGettingStarted/Concepts/Webhooks
The Outlook notifications service validates the notification URL in a subscription request before creating a new subscription which occurs as follows:
Outlook notifications service sends a POST to the notification URL:
POST https://{notificationUrl}?validationtoken={TokenDefinedByService}
ClientState: {Data sent in ClientState value in subscription request (if any)}
Webhooks service must provide a 200 response with the validationtoken value in its body as type plain/text within 5 seconds. The validation token is a random string that should be discarded by the webhook after providing it in the response.
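The validation handshake described above, as an added example (not code from the original answer or from Microsoft): a framework-independent Python handler that echoes the validationtoken back as plain text and checks the ClientState header before accepting anything. The function name handle_post, the 512-character cap and the 400/403/202 status choices are assumptions of this example; the ClientState value is the one from the question.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# ClientState value sent in the subscription request (taken from the question).
EXPECTED_CLIENT_STATE = "36228645-58b5-4d73-98a6-1b9ac535680c"
MAX_TOKEN_LEN = 512  # assumption: a cap chosen for this example, not a documented limit


def handle_post(target, headers, expected_state=EXPECTED_CLIENT_STATE):
    """Return (status, response_headers, body) for a POST to the notification URL.

    target  -- request target, e.g. "/notifications?validationtoken=abc"
    headers -- dict of request headers with lower-cased names
    """
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    tokens = query.get("validationtoken", [])

    # ClientState must match what was put in the subscription request;
    # compare in constant time so the value cannot be probed byte by byte.
    state = headers.get("clientstate", "")
    state_ok = hmac.compare_digest(state.encode(), expected_state.encode())

    if tokens:
        # Validation handshake: echo the token back as plain text with a 200.
        token = tokens[0]
        if len(tokens) != 1 or not token or len(token) > MAX_TOKEN_LEN:
            return 400, {}, b""
        if "clientstate" in headers and not state_ok:
            return 403, {}, b""
        resp_headers = {
            "Content-Type": "text/plain; charset=utf-8",
            # The body is caller-supplied input reflected back; forbid sniffing it as HTML.
            "X-Content-Type-Options": "nosniff",
        }
        return 200, resp_headers, token.encode("utf-8")  # token is not stored or logged

    # Ordinary change notification: accept only with the expected ClientState.
    if not state_ok:
        return 403, {}, b""
    return 202, {}, b""  # assumption: 202 = accepted for later processing
```

The handler does no slow work before returning, so the echo stays well inside the 5-second window; fetching the changed events belongs in a background job triggered after the 202.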
